Backend production-grade
Clean Architecture with a 4-layer approach, multi-layered security and disciplined migrations: the actual backend stack I use in production, not a tutorial.
Backend production-grade means Clean Architecture with a 4-layer defense enforced by ArchUnit rules in CI, not a diagram on a slide: dependency arrow toward the domain, irreversible Flyway migrations handled with discipline, JWT with real revocation on Redis. The stack described here runs in production on Spring Boot today, not in a tutorial.
Depth/Details
Software Architecture
- Beginner
Object-Oriented Programming
Complete series on object-oriented programming in TypeScript: classes, inheritance, polymorphism, encapsulation, and SOLID principles. From basic concepts to practical applications in modern web development.
- Intermediate
Design Patterns in TypeScript
GoF pattern implementation in modern TypeScript: Creational, Structural, and Behavioral patterns with practical examples, UML diagrams, and real-world web development use cases.
- Advanced
Practical Software Architecture for the Web
Software architecture for web applications: clean architecture, hexagonal architecture, DDD, CQRS, event sourcing, and architectural patterns for scalable and maintainable systems.
- Advanced
From Microservices to Modular Monolith
Distributed architectures: microservices, modular monolith, event-driven architecture, saga pattern, service mesh, and migration strategies between architectural approaches.
- Beginner
Software Development Methodologies
Software development methodologies: Agile, Scrum, Kanban, XP, TDD, BDD, continuous delivery, and best practices for high-performing development teams.
- Advanced
Platform Engineering and Internal Developer Platforms
Platform engineering: Internal Developer Platforms, golden paths, self-service infrastructure, Backstage, Crossplane, and strategies to reduce developer cognitive load.
Security and DevOps
- Intermediate
Web Security for Developers
Web security for developers: OWASP Top 10, XSS, CSRF, SQL injection, JWT authentication, HTTPS, CSP, CORS, and best practices for securing modern web applications.
- Advanced
DevSecOps and Shift-Left Security
DevSecOps: shift-left security, SAST/DAST/SCA automation, supply chain security, container scanning, secrets management, and security-as-code in the CI/CD pipeline.
- Advanced
Detection Engineering: Building Defense Tools
Detection engineering: SIEM/SOAR, sigma rules, threat detection, incident response automation, malware analysis, and building defensive security pipelines.
- Intermediate
Quality Engineering for AI-Generated Code
Quality engineering for AI-generated code: testing strategies, code review automation, mutation testing, property-based testing, and quality metrics for the AI coding era.
- Advanced
Observability and OpenTelemetry
Modern observability: OpenTelemetry, distributed tracing, metrics, logging, alerting, SLO/SLI, and strategies for observable production systems.
Frequently Asked Questions
What backend stack is used in production?
Spring Boot 3.4 on Java 21, Clean Architecture at 4 layers (domain/application/infrastructure/presentation), PostgreSQL 16 and Redis Stack 7, with over 90 documented REST endpoints via Swagger.
How do you ensure that the architecture does not deteriorate over time?
Rules enforced by ArchUnit in CI block the build if a layer violates the dependency arrow towards the domain: the architecture defends itself alone, not dependent on who writes the next commit.
How do you manage API security?
JWT owner with HS256 signing, denylist for revocation on Redis, rate limiting per endpoint (Bucket4j), CORS whitelist and protection against SSRF on internal service calls.
Do you also offer consulting on existing Spring Boot architectures?
Yes: architecture audit, refactoring to Clean Architecture and securing existing Spring Boot systems in production with a focus on real risk generation.